Using SO_LINGER Socket Option

A tutorial example is provided to show how to use the SO_LINGER socket option to prevent the server closing the socket too soon after writing the response to the socket.

Recently, I had a chance to look at the source code of HttpsHello.java again and found out why I am getting the "Software caused connection abort: recv failed" exception without turning on the SSL debug option.

The root cause of the issue is that the server code HttpsHello.java is closing the socket too soon after writing the response when running without SSL debug. This leads to the client code, HttpsCLient.java, not able to read the response from the socket.

When HttpsHello.java is running with SSL debug turned on, the execution gets slowdown a little bit. The client code HttpsClient.java gets enough time to read the response.

One way to fix the problem is to turn on the SO_LINGER socket option in HttpsHello.java, using a statement like "c.setSoLinger(true,1);", which tells the next "c.close();" call to wait for up to 1 second to get acknowledgment from the client side of the data sent.

Here is the revised server code, HttpsHello2.java:

/* HttpsHello2.java
 * Copyright (c) HerongYang.com. All Rights Reserved.
 */
import java.io.*;
import java.security.*;
import javax.net.ssl.*;
public class HttpsHello2 {
   public static void main(String[] args) {
      String ksName = "herong.jks";
      char ksPass[] = "HerongJKS".toCharArray();
      char ctPass[] = "My1stKey".toCharArray();
      try {
         KeyStore ks = KeyStore.getInstance("JKS");
         ks.load(new FileInputStream(ksName), ksPass);
         KeyManagerFactory kmf =
         KeyManagerFactory.getInstance("SunX509");
         kmf.init(ks, ctPass);
         SSLContext sc = SSLContext.getInstance("TLS");
         sc.init(kmf.getKeyManagers(), null, null);
         SSLServerSocketFactory ssf = sc.getServerSocketFactory();
         SSLServerSocket s
            = (SSLServerSocket) ssf.createServerSocket(8888);
         System.out.println("Server started:");
         printServerSocketInfo(s);
         // Listening to the port
         SSLSocket c = (SSLSocket) s.accept();
         printSocketInfo(c);
         BufferedWriter w = new BufferedWriter(
            new OutputStreamWriter(c.getOutputStream()));
         BufferedReader r = new BufferedReader(
            new InputStreamReader(c.getInputStream()));
         String m = r.readLine();
         w.write("HTTP/1.0 200 OK");
         w.newLine();
         w.write("Content-Type: text/html");
         w.newLine();
         w.newLine();
         w.write("<html><body>Hello world!</body></html>");
         w.newLine();
         w.flush();

         // Turning on SO_LINGER option with 1 second linger time
         // c.close() will wait for client to acknowledge the data sent
         c.setSoLinger(true,1);

         w.close();
         r.close();
         c.close();
      } catch (Exception e) {
         e.printStackTrace();
      }
   }
   private static void printSocketInfo(SSLSocket s) {
      System.out.println("Socket class: "+s.getClass());
      System.out.println("   Remote address = "
         +s.getInetAddress().toString());
      System.out.println("   Remote port = "+s.getPort());
      System.out.println("   Local socket address = "
         +s.getLocalSocketAddress().toString());
      System.out.println("   Local address = "
         +s.getLocalAddress().toString());
      System.out.println("   Local port = "+s.getLocalPort());
      System.out.println("   Need client authentication = "
         +s.getNeedClientAuth());
      SSLSession ss = s.getSession();
      System.out.println("   Cipher suite = "+ss.getCipherSuite());
      System.out.println("   Protocol = "+ss.getProtocol());
   }
   private static void printServerSocketInfo(SSLServerSocket s) {
      System.out.println("Server socket class: "+s.getClass());
      System.out.println("   Socket address = "
         +s.getInetAddress().toString());
      System.out.println("   Socket port = "
         +s.getLocalPort());
      System.out.println("   Need client authentication = "
         +s.getNeedClientAuth());
      System.out.println("   Want client authentication = "
         +s.getWantClientAuth());
      System.out.println("   Use client mode = "
         +s.getUseClientMode());
   }
}

The revised code works now with JDK 1.8 and newer versions:

herong>java HttpsHello2.java
Server started:
Server socket class: class sun.security.ssl.SSLServerSocketImpl
   Socket address = 0.0.0.0/0.0.0.0
   Socket port = 8888
   Need client authentication = false
   Want client authentication = false
   Use client mode = false
Socket class: class sun.security.ssl.SSLSocketImpl
   Remote address = /127.0.0.1
   Remote port = 65524
   Local socket address = /127.0.0.1:8888
   Local address = /127.0.0.1
   Local port = 8888
   Need client authentication = false
   Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   Protocol = TLSv1.2

Here is the execution session of the client code, HttpsClient.java, in JDK 1.8 and newer versions:

herong>java -Djavax.net.ssl.trustStore=public.jks HttpsClient

The default SSL socket factory class: class
sun.security.ssl.SSLSocketFactoryImpl
Socket class: class sun.security.ssl.SSLSocketImpl
   Remote address = localhost/127.0.0.1
   Remote port = 8888
   Local socket address = /127.0.0.1:65524
   Local address = /127.0.0.1
   Local port = 65524
   Need client authentication = false
   Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   Protocol = TLSv1.2
HTTP/1.0 200 OK
Content-Type: text/html

<html><body>Hello world!</body></html>

If you want to use the SO_LINGER option, you can put the server code to read from the socket for an acknowledgement message. Of course, the client code needs to be revised to send such an acknowledgement message after finish reading the response.

Table of Contents

 About This JDK Tutorial Book

 JDK (Java Development Kit)

 Java Date-Time API

 Date, Time and Calendar Classes

 Date and Time Object and String Conversion

 Number Object and Numeric String Conversion

 Locales, Localization Methods and Resource Bundles

 Calling and Importing Classes Defined in Unnamed Packages

 HashSet, Vector, HashMap and Collection Classes

 Character Set Encoding Classes and Methods

 Character Set Encoding Maps

 Encoding Conversion Programs for Encoded Text Files

 Java Logging

 Socket Network Communication

 Datagram Network Communication

 DOM (Document Object Model) - API for XML Files

 SAX (Simple API for XML)

 DTD (Document Type Definition) - XML Validation

 XSD (XML Schema Definition) - XML Validation

 XSL (Extensible Stylesheet Language)

 Message Digest Algorithm Implementations in JDK

 Private key and Public Key Pair Generation

 PKCS#8/X.509 Private/Public Encoding Standards

 Digital Signature Algorithm and Sample Program

 "keytool" Commands and "keystore" Files

 KeyStore and Certificate Classes

 Secret Key Generation and Management

 Cipher - Encryption and Decryption

 The SSL (Secure Socket Layer) Protocol

 SSL Socket Communication Testing Programs

 SSL Client Authentication

HTTPS (Hypertext Transfer Protocol Secure)

 What Is HTTPS?

 HttpsHello.java - HTTPS Server Test Program

 HttpsClient.java - HTTPS Client Test Program

 HttpsClient.java Failed with JDK 1.8

Using SO_LINGER Socket Option

 HTTPS Server with Expired Certificate

 Connecting to HttpsHello.java with IE

 HttpsEchoer.java - A Better HTTPS Server

 Outdated Tutorials

 References

 Full Version in PDF/EPUB